If I get the key from the site, the window of vulnerability is small: I
only need to get it once.
For any new key there will (hopefully) be an announcement, signed with the
old key, containing the new key's fingerprint.
Also, I can get a key from a keyserver or any other place. It's not about
the key, it's about its fingerprint
which you can publish in multiple places: on the site, on social media,
mention it in a conference talk, etc.
If you can get the key from the site, you can also get the public certificate from the site and verify it in the future. The threat model is effectively identical to HTTPS.
/s/ Adam